* Arriving strings (i.e. user id names, error messages) are not
always in javascript encoding. This is an attempt to go through
the whole gpgme answer (with the exception of payload data) and
to fix the encoding of these

* src/Key.js The synchronous mode for a Key does not offer an armor/
armored property anymore. This frees up a lot of performance issues,
also the armored expoort is expected to change quite often, so a
cached version is not advisable.

* hasSecret/getHasSecret is now refactored, to reflect their uses.
With get('hasSecret') there is a method that fetches the result.

* src/Key.js Key class is not exported anymore, as it should not be
used directly anywhere. setKeyData is no more a method of the Key,
(optional) data are now validated and set on Key creation and on
updates, both from within this module, thus no longer exposing
setKeyData to the outside.
* createKey now gained an optional parameter which allows to set Key
data at this point.

* src/Key.js: the fingerprint returned by a Key is now always upper
case hex, even if the constructor had lower case input. This is to be
more consistent with gpgme and to be more readable and reliable in
comparisions.

* src/index.js: The export now uses a freezed Object, which does not
allow for simply overwriting the init method by e.g. a third-party
library.
* BrowsertestExtension: Added some tests trying if decryption of bad
data properly fails

* The aim is to iterate through the results of the first request
(all keys), and then add the propert 'hasSecret' to those that
are in the second request (secret Keysring) as well. I messed
this up in a recent change, and it escaped testing.

* An Object.freeze should stop any malicious third party from changing
objects' methods once the objects are instantiated (see unittest for
an approach that would have worked before)
- An initialized gpgmejs- object doesn't have a '_Keyring' property
anymore (it still has its 'Keyring')
- The internal expect='base64' needed to be turned into a method.

--
* src/ [Connection, Error, Key, Keyring, MEssage, Signature, gpgmejs]:
Functions and values that are not meant to be overwritten are now
moved into their constructors, thus eliminating the possibility of
overwrites after initialization.

* Key: The mode of use (synchronous cached, or async promises) ivs now
determined at initialization of that Key. The property Key.isAsync
reflects this state.

* The import answer now also directly contains the armored Key as Key
property, without need to refresh the Key object created in the
answer. This allows for direct comparision of input and output.
* BrowserTestExtension: added test for that import callback

* src/Keyring.js: If the optional "pattern" parameter is not to be
used, but another, following parameter is, null is more of a
convention in javascript, thus both null and undefined are
interpreted as "this parameter is not meant to be set".

- getKeysArmored now returns an object with property 'armored' being
the exported armored block, and an (optional) array of fingerprint
strings for those keys that can be used in sign/encrypt operations
as property 'secret_fprs'. With this, extensions such as mailvelope
will be able to bulk fetch all necessary key information in one
request.

* non-documentation changes which do not affect functionality:
- src/Errors: disabled a console.warn that is only useful for debugging
- helpers.js: renamed "string" to "value" in isFingerprint and isLongId
to avoid confusion
- src/Keyring: prepare_sync, search are both explicitly set to false by
default

* Don't make a secret-Key request for each Key retrieved, use one
request for all of them instead, and assemble the info later. This
should reduce the traffic with large Keyrings. The bulk retrieval
for the public armored Keys for each of these Keys is still up to
discussion

* unittests: disabled assertion for the armored key (as it currently
doesn't work)

* encryptTest: clarified the mechanism/reason of rejection for
Messages >64 MB. This is still a TODO, as this error comes from a
different place (the browser itself) and behaves different from the
other errors.

* A verify at gpgme-json does not fail if there is a valid pgp message
that does not include a signature. Instead, the answer will be devoid
of signatures. In javascript, the SIG_NO_SIG error should be reported
here, but wasn't.

--
* package.json:
- the old webpack-cli version depended on two packages
with vulnerabilities, set to minimum version 3.0.8 to fix this
(nodesecurity.io/advisories/157, nodesecurity.io/advisories/612)
- added License identifier

* src/Keyring.js: getKeys() now has the option "search", which will
trigger a remote lookup (as configured in gpg) for the string given
as pattern.
* src/permittedOperations: make use of the new 'locate' option in
keylist
* DemoExtension: Add a button for lookup, to demonstrate the
functionality

* BrowserTestExtension:
- The KeyImport/Export test had some errors, which have now been fixed
- The secret key used for the test examples is now placed more
prominently, and a clarification added that decrypt tests will not
work if this key is not imported.

* src/Key.js: GetDefaultKey now relies on the info associated with the
key, as the approach of relying on a secret subkey did not work as
intended
* DemoExtension: Added a button for retrieval of the subkey, to test
this functionality.

* src/Keyring.js: Added method generateKey for new Keys
Still TODO: Key length and some further testing. Automated testing
does not work in this case, and gpgmejs will not be able to delete
test keys again.
* src/permittedOperations.js Added new method's definitions according
to gpgme-json

- Keyring.getKeys: has an additional option that retrieves the armor
and secret state once at the beginning. This is power hungry, but
allows for Keys to be used directly (without querying gpgme-json
each call)
* permittedOperations.js: reflect recent changes in the native
counterpart, adding more options
* Key: adding two methods for retrieving the armored Key block and
for finding out if the Key includes a secret subkey.

* src/Connection.js: isConnected was renamed to checkConnection, that
returns a promise with either version information or Boolean
* Connection checks have been adapted to reflect that checkConnection
returns a Promise
* BrowsertestExtension: tests/signTest.js was missing from my last
commit

* Updated the decryption example code in the HOWTO and the
corresponding decrypt-file.py script to gracefully handle a
decryption failure. This error will always be triggered when GPGME
is used to try to decrypt an old, MDC-less encrypted message or
file.

* Uint8Arrays are not supported for now there are unsolved issues in
conversion, and they are lower priority

* encrypt gains a new option to indicate that input values are base64
encoded
* as decrypted values are always base64 encoded, the option base64 will
not try to decode the result into utf, but leave it as it is

* src/w32-util.c (_gpgme_get_gpg_path): Use new defines.
(GNUPG_REGKEY_2): x64 aware regkey as used by GnuPG in Gpg4win 2.x
(GNUPG_REGKEY_3): x64 aware regkey as used by GnuPG in Gpg4win 3.x
(_gpgme_get_gpgconf_path): Use new regkeys. Add another fallback.

--
This should fix more "unsupported protocol" issues if Gpg4win /
GnuPG is installed in a non standard path on 64bit systems.

This extra check makes sure that a missing or stripped MDC in
- gpg < 2.1
- or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure. gpg 2.3 will always fail in this
case. Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.

Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered. If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.

* Some assumption on messages were wrong. Now the tests use more
reasonable sizes.
* bigString now uses the full utf8-extent, with the exception of
U+0000. This code gets dropped during the encryption-decryption
process.

* The majority of tests needs to be run in a nativeMessaging context.
Offering the few tests that don't need this context at two places
introduces issues with maintainability. All tests now removed can be
found in ./unittests.js

* There were some inconsistencies between utf-8, transfer and browsers'
utf16, which broke characters that were split between individual
messages. src/Connection now contains a workaround that reassembles
javascripts' format from passed base64 strings. This needs someone
more experienced looking.
* Added several new tests which were failing during initial debugging
of this issue
* reorganized BrowsertestExtension to avoid cluttering.

* Key.js: Error code for wrong parameter in createKey should be
"PARAM_WRONG"
* Helpers.js: The property openpgpjs-like Objects were checked for in
toKeyIdArray was not defined.
* src/permittedOperations.js: updated more expectations and assumptions
for the native API

* new Problems:
- There seems to be a message size limit of about 21 MB for
nativeMessaging, much lower than the documented 4GB.
- Some bytes are lost with random data in an encrypt-decrypt
roundtrip. The culprit is unclear.

* Changed the expiration date for the generated test key to NYE this
century, rather than the NYE this millennium as originally suggested
in job #3815.
* This covers the lifetimes of current users (except, maybe, some very
healthy millennials) as well as the 32-bit clock end date in 2038;
without falling foul of OpenPGP's 2106 expiration.

* Added unittests to be run inside a Browser. To be able to access
the non-exposed functions and classes, a testing bundle will be
created, containing the tests (unittests.js) and the items to be
tested.
* src/Helpelpers, src/Key, src/Keyring: fixed some errors found
during testing.

- Moved testapplication to Demoextension
- Created BrowserTestExtension.
Includes mocha and chai. For running tests that cannot be run
outside a WebExtension

Both Extensions can be found zipped in build/extensions after
running build_extensions.sh

* Code changes:
- src/Config: Place for the configuration
- small fixes raised during testing in Keyring.js, Message.js,
- src/gpgmejs_openpgpjs.js don't offer direct GpgME object to the
outside, as it only causes confusion
- index.js init() now checks the config for validity

* Tests:
- Reordered tests in test/.
- Input values are now in a separate file which may be of use for
bulk testing

* Introduced Mocha/chai as testsuite. After development build
'npm test' should run the unit tests. Functionality exclusive to
Browsers/WebExtensions cannot be run this way, so some other testing
is still needed.

* Fixed errors:
- Helpers.js toKeyIdArray; isLongId is now exported
- Key.js Key constructor failed
- Message.js will not throw an Error during construction, a new
message is now created with createMessage, which can return an
Error or a GPGME_Message object

* gpgmejs_openpgpjs
- unsuported values with no negative consequences can now reject,
warn or be ignored, according to config.unconsidered_params
- cleanup of unsupported/supported parameters and TODOS

* A src/index.js init() now accepts a configuration object

* Errors will now be derived from Error, offering more info and a
stacktrace.

* Fixed Connection.post() timeout triggering on wrong cases

* Added comments in permittedOperations.js, which gpgme interactions
are still unimplemented and should be added next

--
* A timeout of 5 seconds is activated for functions that do not require
a pinentry. This definition is written to src/permittedOperations.js
* testapplication.js now alerts the proper error codes and messages.
* src/Errors.js fixed two typos in error handling

* src/aKey.js changed fingerprint to setter (to avoid overwrites)
* src/gpgmejs_openpgpjs.js
- Added a class GPGME_Key_openpgpmode, which allows for renaming and
deviation from GPGME.
- renamed classes *_openPGPCompatibility to *_openpgpmode. They are
not fully compatible, but only offer a subset of properties. Also,
the name seems less clunky

* The Connection will now be started before an object is created, to
better account for failures.
* index.js: now exposes an init(), which returns a Promise of
configurable <GpgME | gpgmeGpgME_openPGPCompatibility> with an
established connection.
* TODO: There is currently no way to recover from a "connection lost"
* Connection.js offers Connection.isConnected, which toggles on port
closing.

* Error handling: introduced GPGMEJS_Error class that handles errors
at a more centralized and consistent position
* src/Connection.js:
The nativeMessaging port now opens per session instead of per
message. Some methods were added that reflect this change
- added methods disconnect() and reconnect()
- added connection status query
* src/gpgmejs.js
- stub for key deletion
- error handling
- high level API for changing connection status
* src/gpgmejs_openpgpjs.js
- added stubs for Key/Keyring handling according to current
state of discussion. It is still subject to change
* src/Helpers.js
- toKeyIdArray creates an array of KeyIds, now accepting
fingerprints, GPGMEJS_Key objects and openpgp Key objects.
* Key objects (src/Key.js) Querying information about a key
directly from gnupg. Currently a stub, only the Key.fingerprint is
functional.
* Keyring queries (src/Keyring.js): Listing and searching keys.
Currently a stub.

* Compatibility class gpgme_openpgpjs offers an API that should accept
openpgpjs syntax, throwing errors if a parameter is unexpected/not
implemented
* tried to be more generic in methods
* waiting for multiple answers if 'more' is in the answer
* more consistency checking on sending and receiving
* updated the example extension
--